Starknet Is Zcash, Aztec Is Monero

A familiar philosophical divide is now shaping the privacy L2 debate on Ethereum. I feel like the blockchain industry has a habit of reinventing itself while pretending the past never happened. We launch new chains, invent new terminology, and declare new paradigms, only to quietly recreate the exact same debates we had five years ago.

At its core, this is one of the most fundamental questions in the space: mandatory privacy vs. opt-in privacy. That distinction defined the split between the Monero and Zcash camps for the past decade, and now the same trade-offs are reappearing in almost identical form in the L2 ecosystem. The technology may be new, but the argument is the same.


The Privacy Coins

Monero

Despite its rocky beginnings, Monero launched with a clear principle: every transaction is private. You can't send a transparent Monero transaction even if you want to, because of:

  1. Ring signatures, which mix your real input with decoys so nobody can tell who sent what.
  2. Stealth addresses, which generate a one-time address for every transaction.
  3. RingCT, which hides amounts using Pedersen commitments.

What this really means is that the main parts of a transaction—the sender, receiver, and amount—are hidden. Anonymity is reached across the whole UTXO chain, because every transaction includes decoys from others. The anonymity set is basically the entire network, since we are hiding in a crowd of everyone.
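How a verifier can check that hidden amounts balance is easier to see in code. The sketch below is an added example, not Monero's code: it uses a tiny multiplicative group (constructed parameters `P`, `Q`, `G`, `H`) in place of Monero's elliptic curve, and the function names are hypothetical.

```python
import secrets

# Toy parameters, constructed for illustration: P = 2Q + 1 with P and Q prime,
# so the squares mod P form a group of prime order Q. Monero works on an
# elliptic curve; a 10-bit group like this one offers no security.
P, Q = 1019, 509
G = 4  # 2^2 mod P
H = 9  # 3^2 mod P; in practice H is derived by hashing so log_G(H) is unknown


def commit(value: int, blind: int) -> int:
    """Pedersen commitment C = G^value * H^blind (mod P)."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P


def blind_outputs(in_blinds, out_values):
    """Commit to each output; the last blind makes both sides' blinds sum equal."""
    blinds = [secrets.randbelow(Q) for _ in out_values[:-1]]
    blinds.append((sum(in_blinds) - sum(blinds)) % Q)
    return [commit(v, r) for v, r in zip(out_values, blinds)]


def balances(in_commits, out_commits, fee: int) -> bool:
    """Verifier's check, done without learning any amount:
    prod(inputs) == prod(outputs) * G^fee  (mod P)."""
    lhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    rhs = pow(G, fee % Q, P)
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs


if __name__ == "__main__":
    in_blinds = [secrets.randbelow(Q) for _ in range(2)]
    inputs = [commit(v, r) for v, r in zip([30, 12], in_blinds)]
    print(balances(inputs, blind_outputs(in_blinds, [25, 15]), fee=2))  # True
    print(balances(inputs, blind_outputs(in_blinds, [25, 16]), fee=2))  # False
```

Because amounts wrap around modulo the group order, RingCT pairs these commitments with range proofs; the toy leaves those out.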

Zcash

Zcash said: okay, but what if we give people the choice? They built two types of addresses, transparent t-addresses that work like Bitcoin, and shielded z-addresses that use zk-SNARKs to hide everything. Users choose when to use privacy.

The idea was sound. The reality was that almost nobody actually used the shielded pool at the start. Most Zcash transactions stayed transparent, and that has changed only slightly today because of the recent privacy coin rally in late 2025. The shielded pool uses a UTXO-like model with notes and nullifiers. When you receive shielded ZEC, a note is created, and when you spend it, a nullifier is published that marks the note as spent without revealing which note it was.
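The note and nullifier bookkeeping can be sketched in a few lines. This is an added example, not Zcash's code: the hash layout and class names are hypothetical, and the zero-knowledge proof that ties a nullifier to some commitment in the pool is assumed rather than implemented.

```python
import hashlib
import secrets


def h(tag: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256 over length-prefixed parts."""
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()


class Note:
    """A shielded note: value, owner, and per-note randomness rho."""

    def __init__(self, value: int, spend_key: bytes):
        self.value = value
        self.spend_key = spend_key          # secret, never leaves the wallet
        self.rho = secrets.token_bytes(32)  # unique per note

    def commitment(self) -> bytes:
        owner = h(b"addr", self.spend_key)
        return h(b"cm", self.value.to_bytes(8, "big"), owner, self.rho)

    def nullifier(self) -> bytes:
        # Needs the spend key, so an observer holding only the
        # commitment cannot compute it or link the two values.
        return h(b"nf", self.spend_key, self.rho)


class ShieldedPool:
    """What the chain stores: commitments and spent nullifiers only."""

    def __init__(self):
        self.commitments, self.nullifiers = set(), set()

    def receive(self, cm: bytes) -> None:
        self.commitments.add(cm)

    def spend(self, nf: bytes, new_cm: bytes) -> bool:
        # Assumption: a zero-knowledge proof that nf belongs to some
        # commitment in the pool was verified here; the toy omits it.
        if nf in self.nullifiers:
            return False  # double spend
        self.nullifiers.add(nf)
        self.commitments.add(new_cm)
        return True
```

The pool rejects a repeated nullifier without ever learning which of its stored commitments was consumed.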

The main problem is that the shielded anonymity set is only as large as the number of people actually using shielded addresses. A privacy pool with 12 people in it isn't exactly hard to deanonymize with timing analysis.

Monero fans have been dunking on this "opt-in" model for years, for good reason.
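To put a number on the anonymity-set argument, the sketch below measures how much cover a pool gives a withdrawal when only timing is considered. It is an added example, not from the original post: the timelines are constructed, and `max_hold` (how long users are assumed to wait before withdrawing) is an assumption.

```python
import math


def plausible_deposits(withdraw_t: int, deposit_ts, max_hold: int):
    """Deposits made in the max_hold minutes before a withdrawal."""
    return [t for t in deposit_ts if withdraw_t - max_hold <= t < withdraw_t]


def anonymity_bits(withdraw_t: int, deposit_ts, max_hold: int) -> float:
    """log2 of the candidate count; 0.0 means no cover at all."""
    n = len(plausible_deposits(withdraw_t, deposit_ts, max_hold))
    return math.log2(n) if n else 0.0


def worst_case(withdraw_ts, deposit_ts, max_hold: int) -> float:
    """Cover enjoyed by the least-protected withdrawal in the pool."""
    return min(anonymity_bits(w, deposit_ts, max_hold) for w in withdraw_ts)


# Constructed timelines, in minutes, spanning ten days.
SMALL_POOL = list(range(0, 14400, 1200))  # 12 deposits, one every 20 hours
BUSY_POOL = list(range(0, 14400, 5))      # one deposit every 5 minutes
DAY = 1440                                # assumed maximum holding time

if __name__ == "__main__":
    for name, pool in (("small", SMALL_POOL), ("busy", BUSY_POOL)):
        n = len(plausible_deposits(7800, pool, DAY))
        print(name, n, round(anonymity_bits(7800, pool, DAY), 2))
    # small 1 0.0
    # busy 288 8.17
```

With 12 deposits spread over ten days, a withdrawal has a single plausible source; the same withdrawal in the busy pool hides among 288.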


The L2 Privacy Coins

Aztec = Monero

Aztec took the Monero approach for its privacy model. This is reflected in how the project describes itself in its overview: "Aztec is a privacy-first Layer 2 on Ethereum." The same emphasis appears in its branding as a “privacy-first zkRollup.” Private state is the default. It is built into the architecture, where everyone is private by default and can opt out if they want.

Its technical implementation is similar to Zcash’s shielded pool approach, using SNARKs and a nullifier tree. Like Monero, which built its protocol from scratch rather than transparently forking Bitcoin, Aztec has built an entirely new stack: a new VM, a new language (Noir), and a new execution model. As a result, you cannot simply deploy a Solidity contract on Aztec since the environment is fundamentally different.

Another key difference is that this new VM heavily relies on client-side execution. Private functions run locally in the Private Execution Environment (PXE) on the user’s device, meaning the network never sees the private state. Only public functions execute on the Aztec Virtual Machine (AVM).

Like Monero, the design assumes privacy must be mandatory by default.

Starknet = Zcash

The connection between Starknet and Zcash extends beyond the protocol level and is also reflected in their leadership. Eli Ben-Sasson co-invented both the Zerocash protocol and STARKs, and was also a founding scientist of the Zcash Company.

Like Zcash, Starknet does not make privacy the protocol's mandatory default. The chain's base architecture is oriented around scalability and computational integrity, but privacy is layered on top, and users choose whether to engage with it. Starknet treats the idea that privacy and transparency can coexist as a core commitment. From the proof layer to the application layer, to its hash functions and the Cairo language, every component is built to be ZK-friendly, with the idea that users should control what they reveal, and when.

What solidifies this for me is the newly launched STRK20 standard, which makes this explicit: STRK20 can wrap any existing ERC20 for private transfers. You move tokens into the shielded pool, transact privately, and unwrap when done, exactly like moving between shielded and unshielded pools in Zcash.

One advantage Starknet has over Zcash is that, by using STARKs, it requires no trusted setup and is post-quantum resistant.


The Competing Privacy Strategies

The core of the disagreement lies in how and where anonymity is defined within the system.

Monero’s argument is that optional privacy fails because most users won’t use it. A small shielded pool makes privacy itself a signal, allowing observers to correlate entries and exits through timing analysis.

Zcash’s argument is that mandatory privacy is too costly. Opt-in privacy lets the ecosystem grow first, with the shielded pool expanding as adoption increases.

In practice, Monero’s concern has largely held up: Zcash’s shielded usage remains relatively small compared to its transparent transactions. But Zcash has gained enormously in terms of usability on exchanges and for institutional investors.

Aztec’s bet is to make privacy the default at the L2 level so every user is part of the anonymity set, but this requires a new execution environment and rebuilding the DeFi stack as it stands today.

Starknet’s bet is to preserve the existing DeFi ecosystem and add privacy through STRK20. The anonymity set grows with adoption, while encrypted viewing keys enable compliance for institutional users.


Compliance

A topic one could either love or hate. And this is where most of the core debate comes in.

Monero by default has no compliance mechanism. It's fully anonymous. This led to exchange delistings across the world, and several countries have effectively banned it. The privacy is uncompromising, but the regulatory consequences are real. Good luck finding an institutional investor wanting to make an XMR ETF for you in the near future.

Zcash has viewing keys. Their approach is that a z-address holder can share a viewing key that lets a specific party see their shielded transactions without compromising the privacy of the overall pool. This was designed for exactly this use case, so an exchange or regulator can verify your transaction history.

Compliance on L2

Aztec has support for different keys based on what you would like to expose, but the default private architecture means regulators start from a position of having no visibility.

Starknet's Privacy Pool requires users to register an encrypted viewing key on-chain when joining. A designated auditor can decrypt a specific user's key upon legal request. The privacy of other participants isn't compromised. This is structurally identical to Zcash's viewing key model, applied to L2 privacy pools.

TL;DR: Zcash and Starknet follow a more pragmatic path toward institutional adoption. Monero and Aztec prioritize stronger privacy guarantees, at the cost of wide adoption and maybe exchange listings down the road. The underlying debate is the same, only with new technology...


Can History Tell Us Anything?

Monero and Zcash have coexisted for nearly a decade. Neither killed the other. Monero has its community, Zcash has its institutional path. I think Aztec and Starknet will end up the same way.

But if I had to bet on which privacy model wins long-term, privacy-by-default models and the FCMP++ upgrade coming to Monero are pushing me toward the mandatory privacy side. The math is getting too good to ignore. When your anonymity set is 100 million and there are zero statistical leaks, the privacy guarantees are just objectively stronger than an opt-in pool where most users don't opt in.

In the short term, Starknet may have the advantage. It already has the ecosystem, the DEXs, the lending, the liquidity. Adding privacy to an existing ecosystem where people are already transacting is easier than convincing people to migrate to a new chain with new tooling.

The risk, of course, is the Zcash problem repeating itself. If STRK20 adoption stays low, the shielded pool remains small, the anonymity guarantees weaken, and Aztec maxis will be telling you "we told you so."

The core question hasn't changed since 2016: should privacy be mandatory or optional? The technology has improved, Monero’s upcoming FCMP++ is a good example of that, but the debate itself hasn’t moved an inch. And it probably never will. At its core, it’s a values question disguised as a technical one: institutional and compliance-friendly versus privacy by default.

It’s also worth noting that Monero is the only major privacy system in this debate that isn’t backed by a company. No foundation, no venture funding, no corporate roadmap. Just an open-source community pushing the privacy-first model forward. With previous bounties for anyone able to break it, and the upcoming FCMP++ removing many known attack vectors, that trajectory is becoming harder to ignore.

For Ethereum’s privacy L2s, the coming years will show whether Starknet, with its STRK20, can achieve any meaningful adoption, and whether Aztec can establish itself among the leading L2s.

